Masking schemes: evaluation. Oscar Reparaz, COSIC/KU Leuven. PROOFS, Taipei (Taiwan), 2017-09-29
quick intro to masking
• masking = countermeasure against DPA
• idea: secret sharing, $b = b_1 + b_2$
• individual shares tell you nothing about the intermediate
• power consumption (of any one share) tells you nothing about the intermediate
• main difficulty: compute on masked data
  • AES / RSA / …
  • not as easy as it sounds
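The slide's three points (shares individually reveal nothing, computing on masked data is the hard part, and it is easy to get wrong) as an added example. This is editor's code, not code from the slides: it uses Boolean (XOR) sharing of a W-bit word where the slide writes additive sharing, an Ishai-Sahai-Wagner style masked AND with two shares, a deliberately flawed AND constructed for this example, and an exhaustive check that every intermediate value's distribution over the fresh randomness is the same for every secret input (the first-order property a design-time evaluation verifies). `W = 2` is an arbitrary small width; bitwise operations are bit-parallel, so the result holds for any width.

```python
# Added example (editor's code, not from the slides): first-order Boolean
# masking of a W-bit word with two shares, a masked AND gadget in the style
# of Ishai-Sahai-Wagner (ISW), a deliberately flawed variant, and an
# exhaustive design-time check that every intermediate value is distributed
# independently of the secret inputs (first-order probing security).
from collections import Counter
from itertools import product

W = 2                   # word width in bits (assumption: bitwise ops are bit-parallel, so a small W suffices)
MASK = (1 << W) - 1

def share(x, r):
    """Boolean secret sharing: x = x0 ^ x1, where x1 = r is a fresh uniform mask."""
    return ((x ^ r) & MASK, r & MASK)

def unshare(x0, x1):
    return x0 ^ x1

def masked_xor(a, b):
    """Linear operation: XOR share-wise, no randomness needed."""
    return (a[0] ^ b[0], a[1] ^ b[1])

def masked_and_isw(a, b, r, trace):
    """ISW-style masked AND for two shares; r is one fresh random word.
    Every intermediate value is appended to `trace` so it can be audited."""
    a0, a1 = a
    b0, b1 = b
    p00, p01, p10, p11 = a0 & b0, a0 & b1, a1 & b0, a1 & b1
    trace += [p00, p01, p10, p11, r]
    t = r ^ p01             # r ^ a0b1: r masks the cross product before it meets a1b0
    trace.append(t)
    t ^= p10                # (r ^ a0b1) ^ a1b0
    trace.append(t)
    c0 = p00 ^ r
    c1 = p11 ^ t
    trace += [c0, c1]
    return (c0, c1)

def masked_and_flawed(a, b, r, trace):
    """Same products, but it sums a0b0 ^ a0b1 before any randomness enters.
    That intermediate equals a0 & (b0 ^ b1) = a0 & b, whose distribution
    depends on the secret b: a first-order flaw (constructed for this example)."""
    a0, a1 = a
    b0, b1 = b
    p00, p01, p10, p11 = a0 & b0, a0 & b1, a1 & b0, a1 & b1
    trace += [p00, p01, p10, p11, r]
    u = p00 ^ p01           # = a0 & b  <-- leaks b
    trace.append(u)
    c0 = u ^ r
    c1 = p11 ^ p10 ^ r
    trace += [c0, c1]
    return (c0, c1)

def is_correct(gadget):
    """Functional check: unshared output equals a & b for all inputs and randomness."""
    for a, b, ra, rb, r in product(range(1 << W), repeat=5):
        out = gadget(share(a, ra), share(b, rb), r, [])
        if unshare(*out) != (a & b):
            return False
    return True

def leaking_intermediates(gadget):
    """Exhaustive first-order check. For each intermediate (by position in the
    trace) the distribution over the randomness (ra, rb, r) must be the same
    for every secret pair (a, b). Returns the positions that violate this."""
    dists = {}
    for a, b in product(range(1 << W), repeat=2):
        per_pos = None
        for ra, rb, r in product(range(1 << W), repeat=3):
            trace = []
            gadget(share(a, ra), share(b, rb), r, trace)
            if per_pos is None:
                per_pos = [Counter() for _ in trace]
            for i, v in enumerate(trace):
                per_pos[i][v] += 1
        dists[(a, b)] = per_pos
    ref = dists[(0, 0)]
    return [i for i in range(len(ref))
            if any(d[i] != ref[i] for d in dists.values())]

if __name__ == "__main__":
    for name, g in (("ISW", masked_and_isw), ("flawed", masked_and_flawed)):
        print(name, "correct:", is_correct(g), "leaking positions:", leaking_intermediates(g))
```

Both gadgets compute the right function; only the exhaustive distribution check tells them apart, which is the point of the slide's "not as easy as it sounds": functional tests do not catch masking flaws, and the check has to be done per intermediate value, against every secret. The enumeration grows as $2^{5W}$ and is only practical for gadgets this small; for anything larger one samples the randomness instead of enumerating it.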
masking: common problems
• masking is hard to implement…
  • delicate to implement in SW, delicate to implement in HW
• …but sometimes the scheme itself is structurally flawed
• …especially tricky in the higher-order scenario
design abstraction levels [IEEE Computer 2005]
• Protocol *
• Algorithm *
• Architecture: co-design, HW/SW, SoC
• Micro-architecture: buses, registers, …
• Circuit
[Figure, slides 5-8: the design flow "Algorithmic-level description → Implementation → Deployment → Measurement", each stage needing more concrete input: an HW/SW description for Implementation, HW details for Deployment, measurement setup details for Measurement. Annotations added slide by slide: Measurement is the "golden standard", but maybe too late; the Algorithmic-level description is too abstract, very early; where in between to evaluate is labelled a tradeoff.]
[Figure, slides 9-14: a 2x2 map of masking schemes. Rows: "practically secure (device-specific)" vs "practically insecure". Columns: "algorithmically secure (provably secure; relies on assumptions that may not be met by the underlying HW)" vs "algorithmically insecure". Successive slides label regions of the map: "Garden of Eden" (algorithmically secure and practically secure), "chaos", "wishful thinking zone", "despair", and "lucky and imprudent".]
Evaluating masking at design time [FSE 2016]
[Figure: the same design flow (Algorithmic-level description → Implementation → Deployment → Measurement), with the evaluation placed at the early, design-time stages.]
timeline/history (the slide stacks each scheme with the later paper that revisited it)
• Schramm-Paar, CT-RSA 2006 (higher-order tables) → Coron-Prouff-Rivain, CHES 2007
• Prouff-Giraud-Aumonier, CHES 2006 ("provably secure") → Coron-Giraud-Prouff-Rivain, CHES 2008
• Rivain-Prouff, CHES 2010 ("Provably secure") → Coron-Prouff-Rivain-Roche, FSE 2013
• Balasch-Faust-Gierlichs-Verbauwhede, ASIACRYPT 2012 → Prouff-Rivain-Roche, CT-RSA 2014
• Bilgin-Gierlichs-Nikova-Nikov-Rijmen, ASIACRYPT 2014 → Reparaz-Bilgin-Nikova-Gierlichs-Verbauwhede, CRYPTO 2015
Slide 17: excerpt reproduced on the slide from Prouff-Rivain-Roche, CT-RSA 2014 (the first-order flaw in the IP masking scheme of Balasch et al.):

Algorithm 4 Masked Multiplication: $(X, Y) \leftarrow \mathrm{IPMult}((L, R), (K, Q))$
Input: two masked variables $(L, R)$ and $(K, Q)$
Output: new masked variable $(X, Y)$ such that $\langle X, Y\rangle = \langle L, R\rangle \otimes \langle K, Q\rangle$
1. for $i = 0$ to $n-1$ do
2.   for $j = 1$ to $n$ do
3.     $\tilde U_{i n + j} \leftarrow L_{i+1} \otimes K_j$
4.     $\tilde V_{i n + j} \leftarrow R_{i+1} \otimes Q_j$
5. $(U, V) \leftarrow \mathrm{IPRefresh}(\tilde U, \tilde V)$
6. $A \leftarrow (U_1, \dots, U_n)$; $C \leftarrow (U_{n+1}, \dots, U_{n^2})$
7. $B \leftarrow (V_1, \dots, V_n)$; $D \leftarrow (V_{n+1}, \dots, V_{n^2})$
8. $Z \leftarrow \langle C, D\rangle$
9. $Y \leftarrow \mathrm{IPHalfMask}(Z, A)$
10. $X \leftarrow A$
11. $Y \leftarrow Y \oplus B$
12. return $(X, Y)$

3 A First-Order Flaw

Balasch et al. claim that the above IP masking scheme is secure against any side-channel attack of order $d = n-1$, or equivalently, that any family of $n-1$ intermediate variables is independent of any sensitive variable. We contradict this claim hereafter by showing that for any fixed parameter $n$, there always exists a first-order side-channel attack on the IP masking scheme. To this end, we will exhibit an intermediate variable that is statistically dependent on some sensitive variable in both the IPRefresh and IPAdd procedures (Algorithms 2 and 3 above).

Let $A = (A_1, A_2, \dots, A_n)$ and $B = (B_1, B_2, \dots, B_n)$ be random vectors uniformly distributed over $(\mathbb{F}_q^*)^n$, and let $R = (R_1, R_2, \dots, R_n)$ be a random vector uniformly distributed over $\mathbb{F}_q^n$, such that $A$, $B$ and $R$ are mutually independent. Consider the function $f_n$ defined by:

$$f_n(a, b) = \Pr[\langle A, R\rangle = a \wedge \langle B, R\rangle = b]. \quad (1)$$

We first study $f_n$ with respect to $n$ before exhibiting the IP masking flaw.

3.1 Study of $f_n$

The study of $f_n$ developed in this section is recursive. First, in Lemma 1, we give an explicit expression to $f_1$. Then, in Lemma 2, we exhibit a recursive relationship for $f_n$. Both lemmas are eventually involved to provide an explicit expression to $f_n$ (Theorem 1).

Lemma 1. The function $f_1$ satisfies
$$f_1(a, b) = \begin{cases} \frac{1}{q} & \text{if } (a, b) = (0, 0) \\ 0 & \text{if } (a, b) \in (\{0\} \times \mathbb{F}_q^*) \cup (\mathbb{F}_q^* \times \{0\}) \\ \frac{1}{q(q-1)} & \text{if } (a, b) \in \mathbb{F}_q^* \times \mathbb{F}_q^* \end{cases}$$

Proof. First, since both $A_1$ and $B_1$ are non-zero, we have
$$f_1(0, 0) = \Pr[A_1 \otimes R_1 = 0 \wedge B_1 \otimes R_1 = 0] = \Pr[R_1 = 0] = \frac{1}{q}.$$
Moreover, for any $a \neq 0$, we have
$$f_1(a, 0) = \Pr[R_1 = a \otimes A_1^{-1} \wedge R_1 = 0] = 0.$$
Similarly, we also have $f_1(0, b) = 0$ if $b \neq 0$. Eventually, the total probability law together with the mutual independence between $A_1$, $B_1$ and $R_1$, imply
$$f_1(a, b) = \sum_{a_1 \in \mathbb{F}_q^*} \Pr[A_1 = a_1] \times \Pr[R_1 = a \otimes a_1^{-1} \wedge B_1 \otimes R_1 = b] = \sum_{a_1 \in \mathbb{F}_q^*} \Pr[A_1 = a_1] \times \Pr[R_1 = a \otimes a_1^{-1} \wedge B_1 = b \otimes (a^{-1} \otimes a_1)],$$
which for $a \neq 0$ and $b \neq 0$ gives $f_1(a, b) = \frac{1}{q(q-1)}$. $\square$

Lemma 2. For every $n \geq 1$, there exist $f_n^{00}, f_n^{01}, f_n^{11} \in \mathbb{R}$ such that
$$f_n(a, b) = \begin{cases} f_n^{00} & \text{if } (a, b) = (0, 0) \\ f_n^{01} & \text{if } (a, b) \in (\{0\} \times \mathbb{F}_q^*) \cup (\mathbb{F}_q^* \times \{0\}) \\ f_n^{11} & \text{if } (a, b) \in \mathbb{F}_q^* \times \mathbb{F}_q^* \end{cases}$$
Moreover, we have
$$f_{n+1}^{00} = \frac{1}{q} f_n^{00} + \frac{q-1}{q} f_n^{11},$$
$$f_{n+1}^{01} = \frac{2}{q} f_n^{01} + \frac{q-2}{q} f_n^{11},$$
$$f_{n+1}^{11} = \frac{1}{q(q-1)} f_n^{00} + \frac{2(q-2)}{q(q-1)} f_n^{01} + \frac{(q-1) + (q-2)^2}{q(q-1)} f_n^{11}.$$

Proof. The first statement is true for $n = 1$ by Lemma 1. It is then implied by recurrence from the second statement. Therefore, we only need to show the latter statement. For every $n \geq 1$, the total probability law implies
$$f_{n+1}(a, b) = \sum_{(a', b') \in \mathbb{F}_q^2} f_n(a - a', b - b')\, f_1(a', b'). \quad (2)$$
1. For $(a, b) = (0, 0)$, the terms in the sum (2) are of the form $f_n(a', b')\, f_1(a', b')$. Then by Lemma 1, we get
$$f_n(a', b')\, f_1(a', b') = \begin{cases} \frac{1}{q} f_n(0, 0) & \text{if } (a', b') = (0, 0) \\ 0 & \text{if } (a', b') \in (\{0\} \times \mathbb{F}_q^*) \cup (\mathbb{F}_q^* \times \{0\}) \\ \frac{1}{q(q-1)} f_n(a', b') & \text{if } (a', b') \in \mathbb{F}_q^* \times \mathbb{F}_q^* \end{cases}$$
We deduce
$$f_{n+1}(a, b) = \frac{1}{q} f_n^{00} + \frac{(q-1)^2}{q(q-1)} f_n^{11}. \quad (3)$$
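The derivation above, carried through numerically as an added example (editor's code, not from the slides or from the paper): $f_n$ is computed exactly by enumerating $A, B \in (\mathbb{F}_q^*)^n$ and $R \in \mathbb{F}_q^n$, and compared with the values the Lemma 2 recurrence produces from the Lemma 1 base case. Assumption: $q$ is prime, so $\mathbb{F}_q$ is arithmetic mod $q$ (the paper's $\mathbb{F}_q$ is any finite field, and the lemmas do not depend on this); $q$ and $n$ are kept small so the enumeration is instant.

```python
# Added example (editor's code, not from the slides or the paper): exact
# computation of f_n(a, b) = Pr[<A,R> = a and <B,R> = b] by brute force over
# A, B in (F_q^*)^n and R in F_q^n, compared with the recurrence of Lemma 2
# seeded by Lemma 1. Assumption: q is prime, so F_q is the integers mod q
# (the paper's F_q is any finite field); q and n are kept small so that the
# enumeration finishes instantly.
from fractions import Fraction
from itertools import product

def f_n_bruteforce(q, n):
    """Exact joint law of (<A,R>, <B,R>) as a dict (a, b) -> Fraction."""
    nonzero = range(1, q)
    counts = {}
    total = 0
    for A in product(nonzero, repeat=n):
        for B in product(nonzero, repeat=n):
            for R in product(range(q), repeat=n):
                a = sum(x * r for x, r in zip(A, R)) % q
                b = sum(x * r for x, r in zip(B, R)) % q
                counts[(a, b)] = counts.get((a, b), 0) + 1
                total += 1
    return {ab: Fraction(c, total) for ab, c in counts.items()}

def f_n_recurrence(q, n):
    """(f_n^00, f_n^01, f_n^11): Lemma 1 for n = 1, then the Lemma 2 recurrence."""
    f00, f01, f11 = Fraction(1, q), Fraction(0), Fraction(1, q * (q - 1))
    for _ in range(n - 1):
        f00, f01, f11 = (
            Fraction(1, q) * f00 + Fraction(q - 1, q) * f11,
            Fraction(2, q) * f01 + Fraction(q - 2, q) * f11,
            Fraction(1, q * (q - 1)) * f00
            + Fraction(2 * (q - 2), q * (q - 1)) * f01
            + Fraction((q - 1) + (q - 2) ** 2, q * (q - 1)) * f11,
        )
    return f00, f01, f11

def zero_pattern(a, b):
    """Which of the three cases of Lemma 2 the pair (a, b) falls in."""
    if (a, b) == (0, 0):
        return "00"
    return "11" if a != 0 and b != 0 else "01"

def recurrence_matches_bruteforce(q, n):
    """True iff the closed recurrence reproduces the enumerated law on every (a, b)."""
    bf = f_n_bruteforce(q, n)
    rec = dict(zip(("00", "01", "11"), f_n_recurrence(q, n)))
    return all(bf.get((a, b), Fraction(0)) == rec[zero_pattern(a, b)]
               for a in range(q) for b in range(q))

def bias_from_uniform(q, n):
    """f_n^00 - 1/q^2: how much more often than under the uniform law the pair
    (<A,R>, <B,R>) hits (0, 0). A nonzero value means the joint law depends on
    the zero pattern of (a, b), which is the non-uniformity Section 3 builds on."""
    f00, _, _ = f_n_recurrence(q, n)
    return f00 - Fraction(1, q * q)

if __name__ == "__main__":
    for q, n in ((3, 1), (3, 2), (3, 3), (5, 2)):
        print(q, n, recurrence_matches_bruteforce(q, n),
              f_n_recurrence(q, n), bias_from_uniform(q, n))
```

`Fraction` keeps every probability exact, so a mismatch between enumeration and recurrence would be a genuine error in one of them rather than rounding. Running it for $q = 3$ shows $f_2^{00} = 2/9$ against the $1/9$ a uniform joint law would give: even with $n = 2$ shares the pair $(\langle A, R\rangle, \langle B, R\rangle)$ is visibly non-uniform, which is what the section turns into a first-order dependency.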